unable to mount CIFS share with comma in password
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| cifs-utils (Ubuntu) | | Undecided | Unassigned | |
| linux (Ubuntu) | | Undecided | Unassigned | |
Bug Description
Since the update to Quantal I am unable to mount CIFS shares with a comma in the password:
root@lama ~ # PASSWD=",password" mount -t cifs //cifs.example.org target -o username=
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
32 root@lama ~ # dmesg | tail -1
[17848.954253] CIFS: Unknown mount option "password"
The same thing happens with a credential file and the password prompt.
This looks like a parser regression:
mount.cifs(8) explains:
Note that a password which contains the delimiter character (i.e. a
comma ´,´) will fail to be parsed correctly on the command line.
However, the same password defined in the PASSWD environment
variable or via a credentials file (see below) or entered at the
password prompt will be read correctly.
This is pretty evil, as it exposes parts of the password through dmesg.
| description: | updated |
| Carlos Capote (mail-carloscapote) wrote : | #2 |
Same problem here. Indeed, it affects every user having a comma in their password!
| Dee (dmusil-x) wrote : | #3 |
A comma in the password is just a common case. It is not possible to put the password between '' or "", which is a major issue.
| test051102 (test051102) wrote : | #4 |
I am also affected by this problem. The previous comment of Dee is wrong. Passwords can be successfully put into "". When choosing a password like "a, b" mount outputs "mount error(22): Invalid argument". But dmesg reports "CIFS: Unknown mount option " b".
This clearly indicates a software problem. The software tries to separate arguments by using the comma character. It does not respect complex passwords embedded in "" characters.
It is some kind of standard to use complex and possibly "secure" passwords today. This cannot be achieved by using CIFS on Linux. It would be very nice if this could be fixed.
| Thorsten Tüllmann (ttuellmann) wrote : | #5 |
Almost three years later I am not involved in Ubuntu any more. As I still get emails from time to time, I figure this has not been fixed yet. I involved the Ubuntu Security Team, as this obviously is an information disclosure vulnerability.
| Seth Arnold (seth-arnold) wrote : | #6 |
There's so many different ways to get the password in the mount.cifs.c sources that I wouldn't be surprised if one path works fine while another path fails this way.
For those who can test this, it would be nice to test mount -t cifs vs calling mount.cifs directly, and it'd be worth testing the PASSWD environment variable, the PASSWD_FD environment variable, the PASSWD_FILE environment variable, the --pass and --password and -p command line options, the systemd-
The kernel sources also appear to log unknown options only if "sloppy" isn't being used:
if (!sloppy && invalid) {
}
so be sure to test with and without sloppy to make sure you're testing the right thing.
Thanks
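The parsing failure discussed in this thread, as an added sketch that is not code from mount.cifs, the kernel or any commenter: a comma-delimited option string is split on every comma, so the tail of a password becomes an "unknown option" that ends up in a log message. The function names, the two-entry option table and the doubled-comma escape are assumptions of this example, and the option strings are constructed samples.

```c
#include <stdio.h>
#include <string.h>
#define TOK 128 /* pw and leak buffers must hold TOK bytes */

/* Double every ',' so a password survives a comma-delimited option string. */
static void escape_commas(const char *pw, char *out, size_t n) {
    size_t j = 0;
    for (; *pw && j + 2 < n; out[j++] = *pw++)
        if (*pw == ',') out[j++] = ',';
    out[j] = '\0';
}

/* Split opts on ','. pw gets the password= value; leak gets the first
 * unrecognised token (what a non-sloppy parser would log as unknown).
 * Only username=<v> and password=<v> are known in this sketch.
 * With doubled != 0, ",," inside the password value is one literal ','. */
static int parse_opts(const char *opts, int doubled, char *pw, char *leak) {
    int unknown = 0;
    pw[0] = leak[0] = '\0';
    while (*opts) {
        char tok[TOK];
        size_t j = 0;
        while (*opts && j < TOK - 1) {
            if (*opts == ',') {
                int in_pw = j >= 9 && !strncmp(tok, "password=", 9);
                if (!(doubled && in_pw && opts[1] == ','))
                    break;  /* plain delimiter: the token ends here */
                opts++;     /* escaped pair: keep a single ',' */
            }
            tok[j++] = *opts++;
        }
        tok[j] = '\0';
        if (*opts == ',') opts++;
        int known = strcspn(tok, "=") == 8 && tok[8] == '=' &&
            (!strncmp(tok, "username", 8) || !strncmp(tok, "password", 8));
        if (known && tok[0] == 'p') strcpy(pw, tok + 9);
        else if (!known && j > 0 && unknown++ == 0) strcpy(leak, tok);
    }
    return unknown; /* number of unrecognised tokens */
}

int main(void) {
    char pw[TOK], leak[TOK], opts[2 * TOK] = "username=u,password=";
    parse_opts("username=u,password=,password", 0, pw, leak);
    printf("every comma splits: unknown option \"%s\"\n", leak);
    escape_commas(",password", opts + strlen(opts), TOK);
    parse_opts(opts, 1, pw, leak);
    printf("doubled commas: password \"%s\", unknown \"%s\"\n", pw, leak);
    return 0;
}
```

When every comma splits, the password is truncated and its remainder is the string that would be echoed into the log; with the escape applied on the writing side and honoured on the parsing side, the full password is recovered and nothing is reported as unknown.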
| information type: | Public → Public Security |
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1069915
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.
| Changed in linux (Ubuntu): | |
| status: | New → Incomplete |
| Seth Arnold (seth-arnold) wrote : | #8 |
The bug description includes dmesg output demonstrating the issue is real; comment #6 includes the kernel source that probably emitted the logs in the description. Thus setting to 'confirmed'.
| Changed in linux (Ubuntu): | |
| status: | Incomplete → Confirmed |


Status changed to 'Confirmed' because the bug affects multiple users.